CVE-2026-58499 - Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id
CVE ID :CVE-2026-58499 Published : July 10, 2026, 9:17 p.m. | 1 hour, 15 minutes ago Description :EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message sender_id field was not...